Blog Posts Tagged with "Multifactor Authentication"
August 20, 2012 Added by:Robert Siciliano
While less money was ultimately siphoned from banks and customers than in past years, there are new attack strategies on the horizon, which may push these numbers up in 2012. Threats, defenses, and vulnerabilities continually emerge, so stay tuned as we track the shifts in our evolving security landscape...
August 16, 2012 Added by:Robert Siciliano
Yahoo and LinkedIn were recently breached and usernames and passwords were stolen. These sites did something wrong that allowed those passwords to get hacked. However passwords themselves are too hackable. If multi-factor authentication was used, then the hacks may be a moot point and the data useless...
July 31, 2012 Added by:Jake Garlie
One of the more common ways pentesters break in to networks is by leveraging regular user accounts which have been compromised. They can be used in various ways to compromise systems, data, applications, and more. Once valid user accounts are obtained, using them throughout the network rarely triggers any alarms...
July 02, 2012 Added by:Headlines
"With no human participation required, each attack moves quickly and scales neatly.This operation combines an insider level of understanding of banking transaction systems with both custom and off the shelf malicious code and appears to be worthy of the term 'organized crime,'" the report states...
June 27, 2012 Added by:Headlines
"RSA has received many inquiries, press pickups, blog entries, and tweets regarding an alleged crack by researchers of the RSA SecurID 800 authenticator... an alarming claim and should rightly concern customers who have deployed the RSA SecurID 800 authenticator. The only problem is that it’s not true..."
June 25, 2012 Added by:Headlines
"[These products are] designed specifically to deal with the case where somebody gets physical access to it or takes control of a computer that has access to it... Here, if the malware is very smart, it can actually extract the keys out of the token.That's why it's dangerous"...
June 14, 2012 Added by:Megan Berry
There are many factors that can bring down your networks and compromise data, including criminals, carelessness and disgruntled employees. The hardware, software, and policies that make up the layers of network security defend your company’s systems from these threats. What are the most common threats?
May 15, 2012 Added by:Robert Siciliano
Financial institutions have established a layered security approach that includes multi-factor authentication, as well as doing due diligence when it comes to identifying customers as real people whose identities haven’t been stolen...
May 10, 2012 Added by:Robert Siciliano
All the conveniences of digital banking have its set of risks which requires upgrades in card technologies and authentication. In response banks have provided numerous methods for protecting your personal information and also making your banking experience more secure...
March 07, 2012 Added by:Javvad Malik
Understand who’s trying to get access and choose the control that will really protect you. Or rather, I should say, the control should protect you long enough for you to do something about it. Otherwise you might find yourself as the person holding a knife in a gunfight...
January 10, 2012 Added by:Robert Siciliano
“The guidance is an important reinforcement of several critical ideas: Fraud losses undermine faith in our financial system. Fraud tactics evolve constantly and the tools that combat them have to evolve as well. The guidance provides a perspective..."
September 30, 2011 Added by:Robert Siciliano
Here we are in 2011 and well over half a billion records have been breached. While not all of the compromised records were held by financial institutions or were accounts considered “high-risk”, many of those breached accounts have resulted in financial fraud or account takeover...
August 02, 2011 Added by:Robert Siciliano
Specifically the FFIEC states: “Since virtually every authentication technique can be compromised, financial institutions should not rely solely on any single control for authorizing high risk transactions, but rather institute a system of layered security, as described herein...."
July 29, 2011 Added by:Mike Meikle
You may have robust network security, stringent password policies and a tightly locked down user environment, but if you don’t know what you own, both data and hardware, it is akin to having a bank vault door standing alone in a field...
July 05, 2011 Added by:Boris Sverdlik
A dedicated attacker will not scour pastebin to get your password, although “inurl: password” used to be a common attack vector. More common amongst the dedicated attacker is getting as much background information as possible as an attacker builds the dossier on their target...
April 05, 2011 Added by:Rafal Los
Multi-factor authentication systems that use one-time passwords give the attacker a very small window within which to strike. They have that one session, and then they have to orchestrate the attack again, whereas with a password compromise you can keep attacking over and over...
Steps Toward Weaponizing the Android Platfor... Freid Jerome on 05-17-2013